CVE-2025-49073
WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection.This issue affects Sweet Dessert: from n/a through < 1.1.13.
| CWE | CWE-502 |
| Vendor | axiomthemes |
| Product | sweet dessert |
| Published | Jun 6, 2025 |
| Last Updated | Apr 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for axiomthemes sweet dessert
Be the first to know when new critical vulnerabilities affecting axiomthemes sweet dessert are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
axiomthemes / Sweet Dessert
0 โค 1.1.13
References
Credits
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program